• Home
  • Categories
  • Recent
  • Popular
  • Pricing
  • Contact us
  • Docs
  • Login
FusionAuth
  • Home
  • Categories
  • Recent
  • Popular
  • Pricing
  • Contact us
  • Docs
  • Login

How to best log out a user? By using `/api/logout` or the `/oauth2/logout?`

Scheduled Pinned Locked Moved
Q&A
0
2
3.2k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • J
    joshua
    last edited by 25 May 2021, 21:04

    How to best log out a user? By using /api/logout or the /oauth2/logout?

    1 Reply Last reply Reply Quote 0
    • J
      joshua
      last edited by 25 May 2021, 21:12

      If managing your own session (not OAuth)

      Documentation Link

      If you are not using the FusionAuth SSO, then you will manage the user session and state in your application.

      Within this self-managed context, the Logout API /api/logout is only useful if you are using the Login API within the context of a browser. In this case, the Logout API will return a response HTTP header to tell the browser to delete the cookies written by the Login API.

      In other words, depending on your configuration/setup/specifics, there may be more work to do within your self-managed SSO to completely log the user out.

      If not managing your own session (one example would be to follow OAuth)

      Documentation Link

      If you are following OAuth, then you will hit the endpoint provided in the above doc link (currently /oauth2/logout).

      This logout endpoint provides a mechanism to invalidate the user’s session held by FusionAuth, this effectively logs the user out of FusionAuth.

      1 Reply Last reply Reply Quote 0
      2 out of 2
      • First post
        2/2
        Last post